Carleton University computers infected with ransomware

'Our research is halted right now because all our computers are either shut down or infected'

According to a graduate student, the attackers have asked for 39 bitcoin to unlock all of Carleton's infected computers. (Benoit Tessier/Reuters)

Matthew BragaSenior Technology Reporter

Matthew Braga is the senior technology reporter for CBC News. He was previously the Canadian editor of Motherboard, Vice Media's science and technology website, and a business and technology reporter for the Financial Post.
Email: matthew.braga@cbc.ca

Students at Carleton University are being warned that some of its computers have been infected by ransomware — a type of computer virus that uses encryption to effectively hold files hostage in exchange for payment.

"Any system accessible from the main network, that is Windows based, may have been compromised," the school's computing and communications services department wrote in an update to its website Tuesday morning.

A graduate student at the university emailed CBC to say the attackers have asked for payment in bitcoin, a digital currency that is difficult to trace. According to a message he saw on a school computer, the attackers are asking for either two bitcoin per machine, or 39 bitcoin total to release the encrypted files — the latter equalling nearly $38,941 at today's rate on the popular Bitcoin exchange Coinbase.

The school has warned students to ignore the messages and report them.

"Our research is halted right now because all our computers are either shut down or infected," the graduate student said.

More information to come

"We're trying to sort out the details still," said Steven Reid, a media relations officer at Carleton, who could not confirm the amount of payment the attackers had requested. "It's affecting multiple systems, but we don't know the extent."

Students have been warned to shut down their computers, and stay off the school's wireless network.

Staff and faculty at the university received notification of "network issues" from the IT department on Twitter just before 9 a.m. on Tuesday morning.

Those issues were said to be impacting email and Carleton Central, an information hub for course registration, admissions, payroll, and other administrative services.

David Kenyi, a volunteer at the school's International Student Services Office, told CBC News that he and his colleagues have been unable to access their email and that students have been unable to register for events at his office.

"Now they do it manually, using pen and paper, and later I will need to put that into the system," Kenyi said.

Previous victims

In June of this year, the University of Calgary was hit by a similar attack. In that case, the university paid $20,000 to regain access to its systems.

At the time, university vice-president of finances and services Linda Dalgetty said the school decided to pay the ransom to ensure that no one would lose access to their research.

And just this past weekend, San Francisco's Municipal Transportation Agency (SFMTA) was infected with ransomware that took its ticketing systems offline. During the downtime, passengers were allowed to ride for free.

In that case, the attackers demanded payment of 100 bitcoin, which is worth about $95,000 Cdn. In a statement to the CBC, SFMTA chief spokesperson Paul Rose said that the agency did not pay the ransom and never considered doing so.

Public Safety Canada recommends that victims not pay the ransom requested by their attackers, as there is no guarantee that the locked files will be released, and payment may only encourage more criminals to adopt the tactic.